
1

Given the typical implementation of rand(), you're using a quite generous definition of "works". IMO it does not work, even for non security related stuff.
– CodesInChaos Mar 20 '13 at 17:47

1

The rand() function of C is not a cryptographic pseudo-random generator, and as such off-topic here. Therefore I'm closing this question.
– Paŭlo Ebermann♦ Mar 21 '13 at 21:11

2 Answers
2

Now, rand() doesn't take a seed; that means that every time the program runs, calls to rand() will generate the exact same sequence of numbers. This is a deliberate design decision; that means that the program behavior is reproducible (which can be important if you're debugging). If you don't want this behavior, well, that's why srand() is provided.

As for what "looks random" means, well, it essentially means "if you eyeball the output, no obvious pattern jumps out at you".

When working with cryptography (you did ask in the crypto stack exchange), we don't have much use for rand(); even if you feed in a seed via srand(), that seed is generally too small to be useful, and even if the rand() output isn't obviously patterned, crypto has much higher criteria for randomness.

On the other hand, other uses need not have such high standards. I believe rand() may be useful within some randomized algorithms; just not cryptographical ones.

Of course this may vary from distro to distro and version to version. You should find your local stdlib.c file (or the one that corresponds to your distro) to see how exactly it's implemented. srand() merely changes holdrand:

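    /* holdrand is the state variable that the library's rand() reads;
       its declaration is not shown on this page. */
    void srand(unsigned int seed) {
        holdrand = (long) seed;
    }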

So, as @poncho said, it merely garbles the output. No true randomness whatsoever.

That implementation is just one possibility; in fact, the C standard provides a different sample implementation (similar, but with a different multiplier and constant). Different C compilers/libraries are perfectly free to use something else (and likely will).
– poncho Mar 20 '13 at 19:04

Yes, that's very likely. I posted the source to show there are no elaborate algorithms behind rand(), just vile trickery and deception.
– rath Mar 20 '13 at 19:08
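An added example, not code from either answer or from any C library: it uses the sample generator given in the C standard (the one mentioned in the comment above) to show that the seed fully determines the output, and that a short run of observed values identifies the seed by plain enumeration. The `ex_` names, the seed 4242 and the search window are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Generator from the sample implementation in the C standard.
   The ex_ names are this example's own, not a library API. */
static uint32_t ex_state = 1;   /* state used when srand() is never called */

static void ex_srand(unsigned int seed) { ex_state = seed; }

static int ex_rand(void)
{
    ex_state = ex_state * 1103515245u + 12345u;
    return (int)((ex_state / 65536u) % 32768u);
}

/* Seed the generator, then write its first n outputs into out[]. */
static void ex_sequence(unsigned int seed, int *out, int n)
{
    ex_srand(seed);
    for (int i = 0; i < n; i++)
        out[i] = ex_rand();
}

/* Return the first seed in [lo, hi] that reproduces observed[0..n-1],
   or -1 if none does. Whoever knows the seed knows every later output. */
static int64_t ex_find_seed(const int *observed, int n, uint32_t lo, uint32_t hi)
{
    for (uint64_t s = lo; s <= hi; s++) {
        int i;
        ex_srand((unsigned int)s);
        for (i = 0; i < n && ex_rand() == observed[i]; i++)
            ;
        if (i == n)
            return (int64_t)s;
    }
    return -1;
}

int main(void)
{
    int seen[8];
    ex_sequence(4242u, seen, 8);   /* constructed sample: outputs for seed 4242 */
    printf("first output with default state: %d\n", (ex_srand(1), ex_rand()));
    printf("seed found in window: %lld\n",
           (long long)ex_find_seed(seen, 8, 1000u, 100000u));
    return 0;
}
```

For keys, nonces or tokens, take bytes from the operating system's CSPRNG instead of any generator whose whole state is one small integer.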